Active Directory binding after imaging MacBook Airs

talkingmoose
Moderator
Moderator

This week during a JumpStart I ran into an interesting scenario with Active Directory binding on Wi-Fi only MacBooks Airs and thought I'd ask how others have handled this.

A school district needs to image about 200 MacBook Airs for students and faculty and these laptops need to be bound to Active Directory. They're using Target Mode Imaging with external hard drives as the distribution points. Ideally, they'd image and shutdown the machines until they're handed over at the beginning of the school year. That means they will have never phoned home to the JSS and are not yet bound to Active Directory.

We created a script to enable Wi-Fi at reboot. That works great. We created a second script to bind the Mac to Active Directory but it's failing to allow logins until another reboot. Even if we use one script that first enables Wi-Fi and then binds to AD, no one can log in until another reboot. It's as if the login window isn't recognizing the binding.

We'd really like to not have to give users instructions to reboot their new laptops twice before logging in. I'd also like to not have to make them wait for 15-30 minutes for an initial inventory to scope a policy to bind to AD.

Curious to know if others have run into this situation and how they've handled it.

2 REPLIES 2

Josh_S
Contributor III

Try a "killall loginwindow" after binding the machine. Or, if you want to check to make sure you don't kick someone out of the machine if someone is logged in:

#!/bin/sh

if [ "$(who | grep -o console)" != 'console' ]; then
    killall loginwindow
fi

talkingmoose
Moderator
Moderator

Good idea. I'll pass that along and see if it works.

Thanks!